I have a Linux mail server that is managed by several different admins in our company. Recently one of the configuration files (under the /etc directory) was changed, causing a minor problem with our mail server. The change happened several weeks ago and was not apparent until later.

The problem is that no-one records changes that are made to the configuration and it's very hard/impossible to track down who made the change because everyone uses the root account. I've recently also heard of the etckeeper package from the Ubuntu server guide and was wondering if there were any similar systems for RedHat. i.e. software which allows you to put the entire '/etc' directory under version control and that integrates nicely with the package manager.

Alternatively are there any other systems, for RH in particular, which allow fine-grained control of the changes to configuration? Basically when I look at a configuration file I want to be able to see exactly when it was changed and by whom. I also really like the idea that just like in subversion you would be prompted to enter a note explaining the change every time you commit the new config.

Thanks

anomie

07-24-2009 12:09 AM

For a single mail server, you might consider (simply) rcs for version control. I use it on all my servers. Probably not the most elegant approach, but I'm consistent about it.

As for "everyone [using] the root account", it's probably time for you to look into requiring other sysadmins to use sudo.
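Moving to sudo addresses the "by whom" part of the question, because sudo logs each command together with the invoking user (to /var/log/secure on Red Hat). The following is an added example, not part of any post in this thread: it attributes /etc changes from log lines in sudo's syslog format. The sample lines, admin names, host name and the `audit` function are constructed for illustration.

```python
import os
import re

# Constructed sample lines in sudo's syslog format (not from a real server).
SAMPLE_LOG = """\
Jul 20 09:14:02 mail sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/postfix/main.cf
Jul 20 09:30:41 mail sudo:      bob : TTY=pts/2 ; PWD=/etc/postfix ; USER=root ; COMMAND=/bin/cp main.cf.new main.cf
Jul 21 11:02:17 mail sudo:    carol : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/bin/su -
Jul 21 11:05:00 mail sudo:    alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail maillog
Jul 21 11:06:12 mail sudo:      bob : command not allowed ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/vi /etc/shadow
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+(\S+) : (.*)$")
SHELLS = {"su", "sh", "bash", "ksh", "zsh", "csh", "tcsh"}

def audit(log_text, watched="/etc"):
    """Return (timestamp, admin, kind, detail) for sudo events relevant to `watched`."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when, admin, rest = m.groups()
        head, sep, command = rest.partition("COMMAND=")
        argv = command.split()
        if not sep or not argv:
            continue  # e.g. password-failure lines that carry no command
        fields = [f.strip() for f in head.split(" ; ") if f.strip()]
        info = dict(f.split("=", 1) for f in fields if "=" in f)
        denied = [f for f in fields if "=" not in f]  # e.g. "command not allowed"
        # Resolve relative arguments against PWD, so "cp main.cf.new main.cf"
        # run from /etc/postfix is still attributed to the right files.
        paths = []
        for arg in argv[1:]:
            if arg.startswith("-"):
                continue
            p = os.path.normpath(os.path.join(info.get("PWD", "/"), arg))
            if p == watched or p.startswith(watched + "/"):
                paths.append(p)
        if denied:
            kind = "denied" if paths else None
        elif os.path.basename(argv[0]) in SHELLS:
            kind = "root-shell"  # nothing typed inside this shell is logged by sudo
        else:
            kind = "touched" if paths else None
        if kind:
            findings.append((when, admin, kind, " ".join(paths) or command.strip()))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The "root-shell" entries mark the gap in this approach: once an admin opens a root shell through sudo, individual edits are no longer attributable from this log, so version control of /etc is still needed alongside it.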

Srz0rz

08-02-2009 06:22 PM

Thanks for the advice, we are moving to a system where everyone uses 'sudo' for sysadmin tasks. For version control, I'm a fan of subversion myself, but whatever gets the job done.

Also, as a part of searching for a solution I've come upon a system called cfengine which looks promising as a way to manage configuration on multiple machines. Has anyone had experience using this system and can you comment on how stable/usable it is?

I'm thinking of forcing all sysadmins to make changes through this system and then have them propagated to the machine(s) as a better way to make and keep track of system changes.